+**Return of the GUI** - The 2.8 release includes a larger 4G USB image with a working

+X environment and full sources in addition to the standard 700M ISO and 1G USB images.

+

+**Crypto support** - A cryptsetup compatible cryptographic device mapper target was written for DragonFly. This means that it is now possible to encrypt DragonFly partitions (e.g., HAMMER and UFS). While it is possible to only encrypt any partition like `/home/`, it is also possible to encrypt the whole root file system. The latter is especially useful for mobile devices. It is also possible to encrypt the swap partition while still being able to dump a kernel core. Further, the code is SMP aware, so expect a speedup if using multi-core machines and don't have cryptographic hardware support.

+

+**Packet Filter (pf)** - Pf was updated to a version based upon OpenBSD 4.2. The previous version of pf in DragonFly was based on OpenBSD 3.5. This, in addition to laying the ground for further following OpenBSD's implementation, introduced several performance gains: Information like route-to, altq, tags, etc are now stored in the `mbuf` header directly. This was partially already the case up to DragonFly 2.6, but now the implementation corresponds to OpenBSD's.

+

+Furthermore an often unnecessary checksumming was removed, which gains another 10% performance. Also state tables and interface bound states were reimplemented and the pf_test_*() functions where fold into pf_test_rule() to make things clearer. DragonFly-specific additions, support for fairq packet queueing and pickups, have remained intact.

+

+**WiFi Stack Update** - FreeBSD's WiFi (802.11) network stack has been ported. While not all WiFi drivers have been ported the ability to port drivers from FreeBSD much more easily will allow us to ultimately add support for more and newer WiFi devices in the near future.

+

+**MP Performance** - The multiprocessor work that has been ongoing in DragonFly is really starting to bear fruit. The MPLOCK (The primary lock, that when held ensures only a single cpu is operating within the kernel) has been pushed back significantly with this release. Most of the frontend code now uses soft tokens instead of the MPLOCK, though for safety these particular soft tokens still acquire the MPLOCK. We will be phasing out the safety feature as work progresses.

+

+More importantly, HAMMER now runs with a per-mount lock and has specific optimizations to run 100% MPSAFE in the cached read & stat paths.

+

+Much of the system backend including the buffer cache, the networking subsystem (protocol stacks and netif drivers), and the AHCI disk driver are now completely MP-safe and do not acquire the MPLOCK at all. For most intents and purposes the system is running MP-safe. I don't want to sell this short because large portions of the core infrastructure have been MP-safe for years. But now those MP-safe paths for the first time can reach all the way from userland to the device drivers on the backend.

## Availability

-The release ISO images should be available on most of the [[mirrors|mirrors]]. If the ISO is not available on a certain mirror, please try another one or download it from the DragonFly FTP server.

+Three release options are now available for 32-bit as well as for 64-bit.

+

+* An ISO, to be burned to a physical cd or used as an image to install a virtual machine.

+The release ISO images should be available on most of the [[mirrors|mirrors]]. If the ISO is not available on a certain mirror, please try another one or download it from the DragonFly master site. Each image is in the "Live CD" format, meaning that it boots into a running and fully functional DragonFly system, which can be used for testing or system recovery tasks as well as installation

-We offer thousands of pre-built [pkgsrc](http://www.pkgsrc.org) packages for this release. The [pkg_radd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_radd&section=ANY) utility may be used to download pre-built binary packages. The path can be overridden by setting BINPKG_SITES in `/etc/settings.conf`.

+We offer thousands of pre-built [pkgsrc](http://www.pkgsrc.org) packages for this release. The [pkg_radd(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_radd&section=ANY) utility may be used to download pre-built binary packages. The path can be overridden by setting BINPKG_BASE in `/etc/settings.conf`.

To get a list of all packages, let [pkg_search(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=pkg_search&section=ANY) download the summary file for that release:

# pkg_search -d

-We supply a Makefile in /usr to track the pkgsrc tree and we supply a Git mirror of the NetBSD pkgsrc CVS repo at `git://git.dragonflybsd.org/pkgsrcv1.git`. We recommend that

-users use it, instead of pulling from NetBSD with CVS. Our Git mirror is updated several times a day.

+We supply a Makefile in `/usr` to track the pkgsrc tree and we supply a Git mirror of the NetBSD pkgsrc CVS repo at `git://git.dragonflybsd.org/pkgsrcv2.git`. We recommend that users use it, instead of pulling from NetBSD with CVS. Our Git mirror is updated several times a day.

-## DragonFly 2.6.x Special Installation and Upgrade Notes

+## DragonFly 2.8.x Special Installation and Upgrade Notes

-**New Loader** - The forth loader is no longer in the system. The new loader, 'dloader', has to be installed before an 'installkernel'. If you are updating from an older system such as DragonFly 2.4 it is recommended to run an installworld before the installkernel to update the loader. Otherwise you can simply do the following before the 'installkernel'.

+**New Loader** - The forth loader is no longer in the system. The new loader, 'dloader', has to be installed before an 'installkernel'. If you are updating from an older system such as DragonFly 2.6 it is recommended to run an installworld before the installkernel to update the loader. Otherwise you can simply do the following before the 'installkernel'.

**BIND removal** - BIND is no longer in the base system. If you are using BIND or any of the associated utilities (host, nslookup, etc.), this method will allow you to transition to the version in pkgsrc:

**OpenSSL upgrade** - OpenSSL has been upgraded, and SHLIB_MAJOR was bumped for `libssh` and `libcrypto`. This shouldn't break any 3rd-party software, but you'll need to recompile your 3rd-party software if you want it to link against the new version of OpenSSL.

+**libevent removal** - Any previously installed applications depending on the `libevent` library in base will require recompilation, as this library is no longer supplied as standard.

+

+**VirtualBox, Virtual PC, and VMWare users** - Unless your virtual hard disk is 50G or larger, we recommend doing a UFS install and not the default HAMMER install. We also recommend installing from the CD ISO and not the GUI IMG. A more serious installation should use HAMMER with at least a 50G disk image and can install from the GUI IMG.

+

+**Virtual PC users** - Virtual PC does not supply serial numbers for the virtual disks. The system may need to be manually directed in the boot loader if the disk identifier changes. (Hit ? in the boot loader for a list of available volumes.)

* A number of rare race conditions was fixed. This improves overall stability.

* It is now possible to use powernow(4).

* It is now possible to boot an SMP kernel without having to enable `APIC_IO`.

+* The kernel now configures 128GB of KVM and memory scaling has been tuned. Among other things this means that a well-endowed system will cache significantly more vnodes and configure a larger buffer cache.

+* The kernel now supports up to 512G of swap by default.

> ### Removals

* BIND is no longer in the base system. See Special Upgrade notes above for a migration path.

+* libevent.

> ### Contributed Software

-* Imported drill and libldns as a resolving utility in base as BIND has gone

-* Imported lvm (Logical Volume Manager)

-* Imported cryptsetup for use with the new device mapper crypto target, dm_target_crypt

-* Updated awk to 20100523

-* Updated bzip2 to 1.0.6 which fixes CVE-2010-0405

-* Updated OpenSSH to 5.6p1 (with HPN patch)

-* Updated OpenSSL to 1.0.0a

-* Updated tzdata to 2010n

+* Shipping with pkgsrc-2010Q3 built packages.

+* Imported drill and libldns as a resolving utility in base as BIND has gone.

+* Imported lvm (Logical Volume Manager).

+* Imported cryptsetup for use with the new device mapper crypto target, dm_target_crypt.

+* Updated awk to 20100523.

+* Updated bzip2 to 1.0.6 which fixes CVE-2010-0405.

+* Updated OpenSSH to 5.6p1 (with HPN patch).

+* Updated OpenSSL to 1.0.0a.

+* Updated tzdata to 2010n.

>### Security related

-* Improved stability of tmpfs so that a simple user can't panic the system due to kva exhaustion

-

->### Big-ticket items

-

-**Crypto support** - dm-crypt was ported to DragonFly. This means that it is now possible to encrypt DragonFly partitions (e.g., HAMMER and UFS). While it is possible to only encrypt certain partition like `/home/`, it is also possible to encrypt the whole root file system. The latter is especially useful for mobile devices. Further, some parts of the code are SMP aware, so expect a speedup if using multi core machines.

-

-**Packet Filter (pf)** - Pf was updated to a version based upon OpenBSD 4.2. The previous version of pf in DragonFly was based on OpenBSD 3.5. This, in addition to laying the ground for further following OpenBSD's implementation, introduced several performance gains: Information like route-to, altq, tags, etc are now stored in the `mbuf` header directly. This was partially already the case up to DragonFly 2.6, but now the implementation corresponds to OpenBSD's. Furthermore an often unnecessary checksumming was removed, which gains another 10% performance. Also state tables and interface bound states where reimplemented and the pf_test_*() functions where fold into pf_test_rule() to make things clearer. DragonFly-specific additions, support for fairq packet queueing and pickups, have remained intact.

-

-**thingname** - thingsdesc

-

+* Improved stability of tmpfs so that a user can't panic the system due to malloc zone exhaustion.